I have never had a report that any of our ISOs have triggered a warning such as that, so it's certainly a surprise to me. I can confirm that our ISOs (and other builds) do not contain any malicious software to the best of my knowledge. They certainly didn't when I uploaded them, and on face value, they appear to be the same images that I uploaded.

Having said that, I can't guarantee that what is going on on your computer is not malicious. It seems unlikely, but perhaps your browser is being hijacked (by some malicious code unconnected to us) to download a file that isn't coming from our mirror?

If you have more information about the warning that you are seeing (e.g. a log file with details of what issue it's hitting), please fee free to share and I'll give you my further thoughts.

In the meantime, so long as you just "download" the ISO file (i.e. don't auto run it with anything) and double check against the hashes (I'll also post the hashes below). The hash file is also signed by our GPG release key, so you can also download it and double check that you have the right/legitimate hash file. You can find our GPG release key (Fingerprint: A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772) for v16.x images either on the SKS keyserver network (e.g. Ubuntu keyserver) under the email release-buster-images@turnkeylinux.org . And/or you can also find it in our GitHub "common" repo.

The hashes for the v16.0 LAMP appliance ISO are:

$ sha256sum turnkey-lamp-16.0-buster-amd64.iso
2d42d4b0361be01aaf1d6451b6bbf3915da5fed478e075be9fd86f3e944eb7f6  turnkey-lamp-16.0-buster-amd64.iso

$ sha512sum turnkey-lamp-16.0-buster-amd64.iso
44a551fbb4ff44d481afad614143115f9a8ca40656f4389905c279dadb35f483c27c1735d107a789f74269960e25dff2920a4c23ef8192346fe8181eee61dfe9  turnkey-lamp-16.0-buster-amd64.iso